1314793 - Creating Testing Framework for Proxy Bypasses for Fennec

Status: RESOLVED INCOMPLETE

(Firefox for Android Graveyard :: General, defect, P5)

Description

[Tom Ritter [:tjr] (OOTO until 4/30 at least)]

We would like to run many or all of our existing testsuite through a framework that will set a proxy for Fennec and can alert if any connections (DNS, TCP, UDP) go outside of the proxy. 

(WebRTC will be a tricky one to address, but we can disable those tests until we have a solution in place for it.  For that, see also #1314443 and #1314448)

In addition to the testing for this we want to do on desktop (see #1314449), we would like to do this on Android as well, as many things happen inside the Java application that are not exposed to Necko (see #507641).

Comment 1

[Jonathan Hao (inactive) [:jhao]]

Hi Amogh, could you share with us how you tested the proxy of Fennec?

Comment 2

[amoghbl1]

To make sure that all Orfox uses the Orbot proxy for everything we employed the following method of testing:
1) Install NoRootFirewall and allow network connections only from Orbot and not Orfox.
2) Install Orfox and Orbot.
3) Open Orfox and open a few websites with it.
4) Check the NoRootFirewall log to make sure no requests from Orfox are seen.

Although this way of testing isn't extensive, it tells us that certain parts of Java that we know are triggering are definitely using the Orbot proxy, such as LoadFaviconTask, SuggestClient etc.

So we rely on our network audit to be extensive enough to cover all the network Java code and make sure Java code is using proxy using this test.

Hopefully the testing framework spoken about here is FF for Android compatible in which case it would be very useful for Orfox as well!

Comment 3

[Tom Ritter [:tjr] (OOTO until 4/30 at least)]

Hm. I'm not sure that method will be the one we can end up using for this framework. 

Jonathan, how do we currently do automated Android testing? I assume we have tests that are run on emulators?

Comment 4

[Tom Ritter [:tjr] (OOTO until 4/30 at least)]

Had a chat with James Wilcox and Geoff Brown about this. The path forward is to use the https://github.com/w3c/web-platform-tests set of tests on an Android emulator. The Emulator will need it's own equivalent of NoRootFirewall installed which we will need to build. It doesn't need the featureset of NoRootFirewall though, no UI needed, just logging and alerting.

Comment 5

[Tom Ritter [:tjr] (OOTO until 4/30 at least)]

Nathan made a prototype tor VPN app that may serve as partial sample code: https://github.com/n8fr8/orbotconnect

Comment 6

[Tom Ritter [:tjr] (OOTO until 4/30 at least)]

To sketch out a plan for this:

Create an app using the VPNService API: https://developer.android.com/reference/android/net/VpnService.html

This app has an IP address and port built in (or it can be overridden by the user) that points to a SOCKS proxy that Mozilla will operate (which doesn't exist yet.)  When the app is turned on, it will intercept all network requests from Fennec, and if any request goes to somewhere other than the IP/port it knows about, it logs the traffic in as much detail as possible (IP/Port/Payload) - ideally as a pcap if possible.

Comment 7

[Firefox Bug Husbandry Bot]

Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195

Needinfo :susheel if you think this bug should be re-triaged.

Comment 8

[BMO Automation]

We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.